Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 2 > General

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #11  
Old 10th November 2007, 06:46
wpwood3 wpwood3 is offline
Senior Member
 
Join Date: Oct 2007
Location: Atlanta, GA USA
Posts: 197
Thanks: 21
Thanked 31 Times in 21 Posts
Exclamation Possible bug in ISPConfig?

I spoke too soon...

For some reason the above steps did not solve my problem.
In fact, I believe it somehow led to the deletion of my entire /var/www directory when I tried later to delete mysite3 (/var/www/web3) in ISPConfig.

I think there is a bug in ISPConfig in the way it assigns group numbers.
This is the sequence of events and what happened:

1) I created Mysite1 in ISPConfig (/var/www/web1)
ISPConfig assigned web1 to GID 10001

2) I created Mysite2 in ISPConfig (/var/www/web2)
ISPConfig assigned web2 to GID 10002

3) I installed ossec (a program) and
CentOS assigned it to GID 10003

4) I created Mysite3 in ISPConfig (/var/www/web3)
ISPConfig assigned web3 to GID 10003

This won't work! web3 and ossec cannot both be 10003.

It appears that ISPConfig is not looking at the /etc/group file before it assigns group numbers. It is simply using an auto increment field in the isp_isp_web table of the IPSConfig MySQL database to generate group numbers. If that is true then it's a BIG problem!

Am I wrong?
__________________
CentOS 5.4 64bit (the Perfect Setup)
ISPConfig 2.2.40
WP3 Photography

Last edited by wpwood3; 11th November 2007 at 04:50.
Reply With Quote
Sponsored Links
  #12  
Old 10th November 2007, 18:37
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lneburg, Germany
Posts: 36,804
Thanks: 840
Thanked 5,613 Times in 4,424 Posts
Default

Thats no bug in ISPConfig. The group number range that you set in ISPConfig under management > server > settings is reserved for ISPConfig. So if you create any group manually, the ID does never be in the range that you reserved for ISPConfig. Thats a prerequisite for ISPConfig.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #13  
Old 10th November 2007, 18:53
wpwood3 wpwood3 is offline
Senior Member
 
Join Date: Oct 2007
Location: Atlanta, GA USA
Posts: 197
Thanks: 21
Thanked 31 Times in 21 Posts
Question I do not understand

Quote:
Originally Posted by till
Thats no bug in ISPConfig. The group number range that you set in ISPConfig under management > server > settings is reserved for ISPConfig. So if you create any group manually, the ID does never be in the range that you reserved for ISPConfig. Thats a prerequisite for ISPConfig.
I am confused...

How did ossec get group 10003 if that is within the range reserved for ISPConfig?

On my test server I installed Ossec and Snort. They were assigned 10003 and 10004. Both of those groups are within the ISPConfig range.
__________________
CentOS 5.4 64bit (the Perfect Setup)
ISPConfig 2.2.40
WP3 Photography
Reply With Quote
  #14  
Old 10th November 2007, 19:04
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lneburg, Germany
Posts: 36,804
Thanks: 840
Thanked 5,613 Times in 4,424 Posts
Default

The problem is that the rpm or apt package installer has use the next free GID and in your case, these gid's where in the reserved range of ISPConfig. which starts at GID 10000 and leaves the GID's < 10000 for other applications.

If you create a group manually, you will have to set the GID to a free ID < 10000 and make sure that thet there is no conflict with ISPConfig.

A better solution for your problem might have been to change the GID of ossec and snort right after you installed it to a GID < 10000 and change the GID of all files installed by snort and ossec to this lower GID too.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #15  
Old 10th November 2007, 19:28
wpwood3 wpwood3 is offline
Senior Member
 
Join Date: Oct 2007
Location: Atlanta, GA USA
Posts: 197
Thanks: 21
Thanked 31 Times in 21 Posts
Default

Ok, so you are saying that whenever I install any software I should inspect the GID that software was assigned in /etc/group to make sure it is not in the 10000 range?

If it is in that range then I need to edit /etc/group and change the GID for the software and also find every file installed by that software and change the ownership (chown)?

That sounds like a lot of work and potential source of errors!

Do I understand correctly?
__________________
CentOS 5.4 64bit (the Perfect Setup)
ISPConfig 2.2.40
WP3 Photography
Reply With Quote
  #16  
Old 11th November 2007, 00:02
wpwood3 wpwood3 is offline
Senior Member
 
Join Date: Oct 2007
Location: Atlanta, GA USA
Posts: 197
Thanks: 21
Thanked 31 Times in 21 Posts
Post Another way...

Let me offer an alternative solution for your consideration.
I have tested this on my test server and verified that it works.

Facts as I understand them:

- With the default configuration, ISPConfig sets GID starting at 10001 and increments +1 for each new group added by using an auto increment counter in the isp_isp_web table of the ISPConfig MySQL database. ISPConfig does not verify that a GID is previously assigned before it assigns it.

- CentOS 5 (and I assume all Linux distributions) looks at /etc/group and assigns the next GID based on the highest existing GID +1.

My proposed solution:

1) Create a new dummy GID
Code:
groupadd admispconfig2
2) Edit /etc/group to change admispconfig2 GID to 20000

3) Run group check to update /etc/gshadow
Code:
grpck
4) Create a new dummy UID and add it to the admispconfig2 group

Code:
useradd -s /sbin/nologin admispconfig2 -g admispconfig2
5) Edit /etc/passwd to change UID to 20000

6) Run password check

Code:
pwck
What this does

- It forces CentOS to only create new GID's and UID's above 20000

- It allows ISPConfig to create GID's and UID's between 10001 and 19999


Comments?
__________________
CentOS 5.4 64bit (the Perfect Setup)
ISPConfig 2.2.40
WP3 Photography

Last edited by wpwood3; 11th November 2007 at 01:01.
Reply With Quote
The Following 2 Users Say Thank You to wpwood3 For This Useful Post:
falko (11th November 2007), till (11th November 2007)
  #17  
Old 11th November 2007, 14:33
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,748 Times in 2,579 Posts
Default

Sounds good.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #18  
Old 11th November 2007, 16:01
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lneburg, Germany
Posts: 36,804
Thanks: 840
Thanked 5,613 Times in 4,424 Posts
 
Default

Sounds like a smart solution. I added this as todo to the bugtracking system.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
postfix problems with smtp linkdeb Server Operation 13 15th March 2014 18:58
Strange email problem for one of my domains... any help appreciated paulrobert_a Installation/Configuration 5 9th August 2010 15:15
sending e-mail using mail() function linuxuser1 HOWTO-Related Questions 38 21st April 2009 13:20
Postfix+MySQL Problem jasutton Installation/Configuration 1 15th June 2006 17:06
SMTP TLS Problem with Mail Client dschmid Installation/Configuration 1 9th December 2005 02:56


All times are GMT +2. The time now is 07:18.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.